
PGP -- Getting Started

Updated: Jan 6, 2000

Getting Started with PGP

PGP, which stands for Pretty Good
Privacy, is a strong encryption program that is available
world wide in freeware and commercial versions. PGP has a very loyal
following on the Internet. The program was first written by Phil
Zimmermann and released over the Internet in 1991. Phil started his
own company, PGP Inc., to sell PGP-based products. PGP Inc. is now
part of Network Associates, http://www.nai.com. Here are some things
you should know about PGP:

A free version of PGP is available over the Internet, but
only for noncommercial use. The latest (Jan. 2000) current version
is 6.5.

Commercial versions of PGP are available from the PGP Division
of Network Associates.

PGP enables you to make your own public and secret key pairs.

PGP public keys are distributed and certified via an informal
network called "the web of trust," which is kind of like the
letters of introduction popular in the pre-electronic era.

Most experts consider PGP very secure if used correctly.

For three years, Philip Zimmermann, the developer of PGP, was
threatened with federal prosecution in the United States for his
actions. Charges were finally dropped in January 1996.

At the close of 1999, Network Associates, Inc. announced that
it has been granted a full license by the U.S. Government to
export PGP world-wide, ending a decades-old ban. The license,
effective immediately, marks the end of the PGPi scanning and OCR
project, which started with PGP 5.0i in 1997.

See the chapter "Commonsense and Cryptography" in Internet Secrets
for more on encryption in general.

On this Page, we describe how to use the freeware version of PGP.

Setting up PGP

Getting ready to use PGP is more complicated than setting up most
application programs. Before you can start using PGP you must take
the following steps:

Get a current version of PGP that works on your
computer.

Unpack and install PGP on your computer.

Make up a good secret pass phrase.

Create your own public and private keys.

Validate your public key.

Give copies of your public key to your friends.

Get copies of your friends' public keys.

Upload your public key to a key server.

Each of these steps takes some effort to get right. Make yourself
comfortable and we'll go through them one at a time.

Encryption technology is beset by legal issues, both in the United
States and in many -- if not most -- foreign countries. We believe
that you have a legal right to use PGP in the United States, but we
are not lawyers and cannot give legal advice. We suggest that you
consult a lawyer if you have legal questions. But be aware that
lawyers who are knowledgeable in this field are few and far between.

Getting PGP

How you can legally obtain a copy of PGP and which version to get
depends on who and where you are. Before you blame the complexity of
what you are about to read on the Byzantine minds of the developers
of PGP, realize that this system is probably the best they could come
up with, given U.S. export laws and the maze of patents and
copyrights that apply to PGP.

If you are a U.S. citizen currently living in the United States

If you are a U.S. or Canadian citizen or permanent resident and
live in the United States or Canada right now, you have the following
three choices for obtaining PGP:

1. Are you a citizen or national of the United
States or a person who has been lawfully admitted for permanent
residence in the United States under the Immigration and
Naturalization Act?

2. Do you agree not to export PGP, or RSAREF to
the extent incorporated therein, in violation of the export
control laws of the United States of America as implemented by the
United States Department of State Office of Defense Trade
Controls?

3. Do you agree to the terms and conditions of
the RSAREF license (in rsalicen.txt )?

4. Will you use PGP Freeware solely for
non-commercial purposes?

If you said "yes" to all the above, if MIT can figure out from
your Internet address that you are in the United States, and if you
started at the right time, you can download PGP without much fuss.

Yes, that's right, we said "started at the right time." To make
sure that you can get PGP only by going through the listed procedure,
MIT changes the name of the directory where the PGP software is kept
every 30 minutes. The name changes at the hour and on the half-hour.
If you don't get everything you need before the name change, you must
start over. So a good idea is to begin this little treasure hunt just
after the hour (say, between 3 and 3:10 p.m.) or just after the
half-hour (say, between 3:30 and 3:40 p.m.) to give yourself as much
time as possible to download the program. The PGP files should
download in under 12 minutes on a good day.

If you live in Canada

The method for Internet PGP distribution to Canada is a little bit
different. Go to MIT's
Canada
page.

You are asked a set of questions oriented to Canadian residents.
From there on, the procedure is the same as for the U.S. residents,
as described in the preceding section.

If you live outside the U.S. and Canada

People living outside of the U.S. and Canada in countries that
permit PGP use can obtain PGP over the Internet pretty much without
restriction. The primary international distribution site is at the
following address:

Unpacking PGP

PGP is distributed in compressed format. The Windows version is
usually transmitted in Zip format. You need a program such as WINZIP
or pkunzip to extract the file. The Macintosh version is supplied as
self-extracting archives in Binhex format.

PGP is shipped "double-wrapped" so that it can be signed. Follow
the instructions that come with the distribution you have.

Pick a strong secret pass phrase

Before you make your public and secret keys, you need a pass
phrase. Because just walking up to a computer and copying
someone's secret key file is so easy, the designers of PGP added a
feature that stores the secret key in a coded form. To unlock this
coded secret key, you must type in the right pass phrase.

Pass phrases, as used in PGP, were invented by Sigmund Porter in
1982. They are usually longer than the typical 8- to 10-character
password and are used to give added security.

A lot of mumbo-jumbo has been written on how to make up your pass
phrase. We have a simple prescription: Just pick five words at random
from a dictionary. A password chosen this way provides very good
protection for your secret key -- better than most PGP users enjoy --
and five words is not too much to remember or too long to type in
each time you need it. See the Diceware page
http://www.diceware.com for
instructions on how to do this.

Pass phrases are case sensitive, which means that the following
two phrases are not the same:

early think vy haul book

Early Think Vy Haul Book

Some people encourage you to use weird capitalization in your pass
phrase to make it more secure. We think that doing this just makes
remembering and accurately typing your pass phrase too hard and is
not worth the trouble. Add a sixth word if you are paranoid.

Should I write down my pass phrase?

Most authorities say that you should never
write down your pass phrase. We don't agree. Most of us just are not
that confident of our ability to memorize passwords and phrases,
especially those for infrequently used accounts. The risk of someone
trying to steal your secret key is theoretical for most of us. The
risk of forgetting is all too real.

At best, losing a pass phrase means the
hassle of creating a new key pair, revoking the old key, and
distributing the new public key. At worst, the loss could result in
your inability to read important mail in time to act on it -- or even
losing valuable data files forever. As a result, even people who know
better may choose a short pass phrase that is easy to remember -- and
equally easy to guess.

If writing down your pass phrase spurs you
to pick a stronger pass phrase, we say to go ahead and write it down
-- but keep it in a safe place. What's a safe place? Your wallet; a
secret hiding place at home; or, if you have a great many paper
files, a random file folder (but not one labeled
"Pass Phrase"). For high-security situations, a bank safe-deposit box
is a good choice. Never store your
pass phrase on or near your computer.

Generating your own public and private (secret) keys

Before you make your keys, you must tell PGP where to put them.
(If you have gotten this far, you may have some scatological ideas
for this, but just take a deep breath and go on.) PGP stores keys in
special files called keyrings. Normally, you keep your
keyrings on your hard disk with the rest of PGP. If you like, you can
keep PGP on your hard disk, but keep your keyrings on a floppy disk
stored in a safe place.

PGP includes a utility program called PGPkeys for managing your
keyring. Select PGPkeys from the Start Menu on Windows 95 and 98 or
from the PGP menu on Macs.

Making your key pair

This is the big moment. You are now ready to create your very own
public and private PGP key pair.

Select Keys -> New Key from the PGPkeys menu. PGP's Key Wizard
steps you through the process. You are asked to enter the following
three items of information:

* Full name and e-mail address.

* Whether you want an RSA or DSS/Diffie-Hellman key.

* The size of your public key. Most PGP users choose 1,024 bits
or 2,048 bits. 1,024 bits is more than enough for anyone whose
computer is not under armed guard 24 hours a day.

* Your passphrase. You have to type it twice to make sure you
have not entered it incorrectly.

* Some random information in the form of keyed in data or mouse
movements that PGP will use to generate a strong key. PGP relies on
the exact timing of your input for randomness, so don't worry
about what you enter here.

Signing your public key

The first thing you need to do is to sign your public key.
Remember way back when we told you that you can use PGP to sign
documents? Well, you also sign public keys. Signing a public key is a
way of saying, "I know the person to whom this key belongs." Signing
a public key does not mean that you vouch for the person's integrity
-- or even like the person. This action means only that you know that
the person is who he or she claims to be.

Signing your own key just proves to the world that your public key
comes from someone who has the matching secret key and prevents some
of the arcane (no, not arcade -- arcane) games that
cryptographers spend much of their time worrying about. (Remember the
guy who was paranoid until the day they got him . . .?). To
sign your key just enter the following at the DOS prompt,
substituting your actual name for yourname:

To self-sign your key, highlight it in the PGPkeys window and
select Keys -> Sign.

Save your secret key on a backup disk

Your private or secret key is stored in your secret keyring file.
You need to make a backup copy of this file on a floppy disk of its
own and keep the disk in a safe place. Better yet, make two backup
copies and store them in different locations. If you lose your secret
key, no one can recreate it for you.

To back up your secret key, copy the files
pubring.pgp and secring.pgp from
your PGP directory to a floppy disk or other backup medium. Protect
this disk carefully. As its name implies, secring.pgp
contains your secret PGP key. The secret key is encoded
using your pass phrase, but you should still protect this file.

Enter the Web of Trust

A big problem with all this public key stuff is knowing that a
public key really came from the person whose name is on it. Other
advocates of public key technology are proposing complex hierarchies
in which your key is registered with some big organization that signs
your key. The big organization's key is signed by some bigger agency
and so on up to some super-dooper master certifying agency, maybe at
the UN or something.

Well the developers of PGP don't like that concept. They believe
that having such agencies for signing keys centralizes control of
your electronic identity into the hands of big business and big
government. (The U.S. Post Office, for example, is thinking of
getting into the key certificate business.) So the PGP gang came up
with a different, more organic approach called the Web of
Trust.

The Web of Trust -- which has nothing to do with the Internet's
World Wide Web, by the way -- works by having people sign the keys of
people they know. If you have enough signers, and I have enough
signers, and all the signers have enough signers, the chances are
good that we may have a signer in common. If so, we can be pretty
confident that we each are who we say we are. For example, Bill knows
Bob who knows Sally. Bill also knows Marko who knows Irena who knows
Ofer. So Sally can know who Ofer is. The Web of Trust is a nice
concept, and no one can revoke your keys because you didn't pay your
parking tickets. We hope that it catches on.

The first thing you need to do is to copy your public key off your
key ring and put it into a little text file of its own that you can
give on a floppy disk to someone or paste into an e-mail message.
Here is what Arnold's public key looks like:

To save your public key, highlight it in the PGPkeys window and
select Keys -> Export Keys.

If a friend who already has PGP is helping you set up, ask that
friend to sign your public key, and then you can sign his or her key.
See the section "Get Your Key Certified," later in this page.

Leave Fingerprints

While you're fussing with your keys, you should extract
your key fingerprint as well. Suppose that someone who knows
you calls you up and says, "Hey ol' buddy, I got this here public key
that has your name on it. Is it really yours?" You could sit there on
the phone while he reads your public key back to you:

A public key can have a thousand letters in it. Sitting there
listening to them is a big drag.

To solve this problem, PGP can make a short "digest" of
your public key, called a
key fingerprint. As with human fingerprints, the chance that
two PGP users would ever have the same key fingerprints is so small
as to be practically nonexistent. Key fingerprints contain only 32
letters and numbers, and the letters are all the same case. Arnold's
PGP fingerprint, for example, looks like this:

FA C3 82 FB 05 5E 03 1A 34 04 79 EA 9E 76 7B 67

Ugly, but if you were checking up on this key, you'd need to read
only these 32 letters and numbers over the phone, which is only a
minor drag.

PGP fanatics put their key fingerprints on their business cards,
their stationery, their e-mail signatures, their front doors, and so
on.

To see a key's fingerprint, highlight the key in the PGPkeys
window and select Keys -> Info.

Write down your fingerprint in a handy place, such as in your
address book, so that you can help someone verify your public key at
any time.

Give your public keys to anyone

Your friends need your public key to send you coded messages.
(When we say friends, we really mean anyone with whom you want
to communicate in private). You can safely give your public key to
anyone -- friend, stranger or enemy. On the other hand, if someone
knocks on your door and says that she is from the phone company, your
bank, Dummies Central, or whatever and asks to see your secret key,
you slam the door. Now. Got that?

You can get your public key to someone in the following ways:

In person. Just copy the little public key file we made
in the previous step onto a floppy disk and hand it to the person.
You can even send the disk by postal mail or express delivery
service.

By e-mail. Include the file keyfilename in a
message and e-mail it. If you can't figure out how to send a file
with your message, try opening keyfilename in a word
processor program, copy all the text to the Clipboard, and paste
the text into a new e-mail message.

Use a PGP key server. We discuss this option in the
section "Key servers at your service," later in this page.

In theory, you could mail or fax someone a hard copy printout of
your key and have them type it in, but keys can be a few hundred
characters long, so typing one exactly right is very difficult and
very tedious.

Importing a key

If a friend gives you his or her public key, you need to add it to
your public keyring file. Adding a new key to your public key ring is
actually easier than adding a metal key to one of those circle rings,
where you have to pry up one end, slip the hole in the key under that
half of the circle, and slide the key all the way along until it
snaps off the other end.

If you are given a file newfilename with a key in it that
you want to add to your public key ring, choose Key -> Import keys
and select newfilename from the dialog box.

You are asked if you want to certify this key. Do not do so
unless you know the person, and he or she personally handed you the
key file on disk, or you have verified the key fingerprint over the
phone with the person and you recognized her voice.

The PGP distribution should come with the public keys of several
PGP honchos. Adding the keys in this file to your public key ring is
good practice and you can use the keys to verify that the copy of PGP
you have is valid. See the section "To Verify a Separate File," later
in this page.

Because the other keys are signed by Phil, if the key fingerprint
you get matches that in the preceding example, you (and your copy of
PGP) are safe.

Well, you're sort of safe. Anyone clever enough to make a doctored
version of PGP could have it recognize that you are checking its
signature and print out the "all clear" message. You really ought to
get PGP from two independent sources and use each to check the other.
If you are a gentle, laid-back, trusting sort of soul, this crypto
stuff should cure you of that really fast.

Get a friend to certify your key

To get your key certified, first extract a copy of your key by
highlighting it and choosing Key -> Extract keys from the PGPkeys
menu.

Give the extracted file to a friend who has PGP. That
person adds your key to her keyring by choosing Key -> Import keys
from the PGPkeys menu.

She then chooses Keys -> Sign from the PGPkeys menu, and
enters her personal pass phrase. She now extracts a fresh copy of
your key from her keyring by choosing Key -> Extract keys from the
PGPkeys menu.

She then gives the key back to you on a floppy disk. You add it
back into your keyring by choosing Key -> Import keys from the
PGPkeys menu.

You now have a signature on your key. From now on, anybody who
knows your friend, trusts her, and has a copy of her public key knows
that your public key is legitimate.

Naturally, you return the favor and sign her key.

Do it by remote control

Suppose that your friend is a long distance away, but you still
want to exchange signatures. Simply send your key to your friend by
e-mail. She adds your key to her keyring as before, but she
doesn't certify it because she has no way to know that the key
wasn't tampered with on the way.

Both of you get the key's fingerprint. Remember that a PGP key
fingerprint is a string of 32 letters and numbers. (See the section
"Leave Fingerprints," earlier in this page.) Now call your friend on
the phone, make sure that you recognize her voice, and read her the
32 letters and numbers in the fingerprint. If the fingerprint matches
what she has, she knows that she has a legitimate copy of your key.
She can now sign your key, extract it, and e-mail it back to you. You
then add it to your public keyring as before.
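
The fingerprint check described above, as an added example (not from the original page and not PGP's own code). It assumes an RSA key in the older PGP key format, whose 16-byte fingerprint is the MD5 digest of the key's modulus followed by its exponent; the key numbers are small constructed values, not a real key.

```python
import hashlib


def mpi_body(value: int) -> bytes:
    """Big-endian bytes of a key number, without any length prefix."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def v3_fingerprint(modulus: int, exponent: int) -> bytes:
    """16-byte fingerprint of an old-format RSA key: MD5 over n, then e."""
    return hashlib.md5(mpi_body(modulus) + mpi_body(exponent)).digest()


def format_fingerprint(fp: bytes) -> str:
    """Render as two-character groups, the way the page shows Arnold's."""
    return " ".join(f"{b:02X}" for b in fp)


def parse_fingerprint(text: str) -> bytes:
    """Accept a fingerprint as typed or read aloud: any case, any spacing."""
    digits = "".join(text.split())
    if len(digits) != 32:
        raise ValueError(f"expected 32 hex digits, got {len(digits)}")
    return bytes.fromhex(digits)  # ValueError if a character is not hex


def key_matches(received_key, spoken_fingerprint: str) -> bool:
    """True only if the key we received hashes to the fingerprint we heard."""
    try:
        heard = parse_fingerprint(spoken_fingerprint)
    except ValueError:
        return False  # a short or garbled reading never counts as a match
    return v3_fingerprint(*received_key) == heard


# Constructed sample values (modulus, exponent); not a real key pair.
OWNER_KEY = (int("C7" * 64, 16), 17)             # the key the owner made
TAMPERED_KEY = (int("C7" * 63 + "C5", 16), 17)   # one byte changed in transit

if __name__ == "__main__":
    spoken = format_fingerprint(v3_fingerprint(*OWNER_KEY)).lower()
    print("owner reads:           ", spoken)
    print("intact copy matches:   ", key_matches(OWNER_KEY, spoken))
    print("tampered copy matches: ", key_matches(TAMPERED_KEY, spoken))
    print("half a reading matches:", key_matches(OWNER_KEY, spoken[:23]))
```

A single changed byte in the key produces an unrelated fingerprint, which is why reading all 32 characters matters: a partial reading is rejected rather than treated as a match.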

Inspect your key ring

The PGPkeys utility lets you view all the keys in your public key
ring. To see who has certified a key, click on the small icon (not
the key icon) to the left of that key in the PGPkeys display, or
choose Edit -> Expand Selection from the PGPkeys menu.
Double-click on a key to view its fingerprint and trust level.

Key servers

A number of universities and other organizations around the world
operate public PGP key servers on a volunteer basis. These key
servers enable you to submit your key and look for keys submitted by
others. You can submit and search for keys by Internet FTP or by
e-mail.

Most of the organizations that run these key servers make no
attempt whatsoever to verify the keys.

To send a key to the key servers, highlight it in the PGPkeys display
and choose Keys -> Keyserver -> Send Selected Keys from the
PGPkeys menu. You need to send your key to only one server. That
server forwards your request to the other servers automatically.

To find someone's key on the key servers, choose Keys ->
Keyserver -> Find New Key from the PGPkeys menu. Then enter the
person's e-mail address or user name when asked.

Most key servers also process requests from you that are
sent as e-mail messages. You give the server one command per message.
Commands are entered on the subject line of your message, as
in the following example:

To: pgp-public-keys@pgp.mit.edu

From: Arnold Reinhold@world.std.com

Subject: help

Most key servers accept the commands shown in the following table:

Server Commands

Command                 Meaning

ADD                     Your PGP public key. (Key to add is the body of the message).

INDEX userid            List of all the PGP keys that match the user ID.

VERBOSE INDEX userid    List of matching PGP keys, along with any signatures they may have.

GET userid              Get just that one key.

MGET pattern            Get all keys that match pattern.

You should normally send e-mail key server requests to the
following address:

pgp-public-keys@keys.pgp.net

Or send them to your national server at one of the following
addresses:

pgp-public-keys@keys.us.pgp.net

pgp-public-keys@keys.de.pgp.net

pgp-public-keys@keys.nl.pgp.net

pgp-public-keys@keys.no.pgp.net

pgp-public-keys@keys.uk.pgp.net

What if your secret key is stolen?

If you have reason to believe that your
secret key was compromised, the only thing you can do is revoke your
public key, create a new pair of PGP keys, and circulate the
revocation file containing your new public key as widely as possible.
To revoke your public key, choose Key -> Revoke from the PGPkeys
menu.

PGP asks if you really want to do this and
then prompts for your pass phrase. You then extract an ASCII copy of
your now-revoked key and distribute it widely, just as you did after
you first made it. You also need to make a new key pair for yourself,
extract the public key, and distribute the new public key at the same
time. After you revoke your own key, you cannot re-enable it.

Notice that you need both your secret key
and pass phrase to revoke your key. If you lose either of them,
you're stuck. This situation is why we recommend that you make at least
two backup copies of your secret key and why we think that writing
your pass phrase down and keeping it somewhere safe is okay.

Using PGP to exchange private messages

This section tells you how you actually use PGP to send and
receive encoded messages (at last!).

A secret message for Irene

Assume that you have Irene's public key on your keyring. (See the
section "Adding a key," earlier in this page, if you don't). First,
type your message in a PGP-friendly application or e-mail program such
as Eudora. Now choose Encrypt from the PGP menu.

PGP prompts you for your pass phrase and then encrypts your
message, suitable for mailing.

PGP handles the file's end-of-line characters, which vary
from computer to computer, in a way that should work on any computer.

Sign on the dotted line

You can sign a document as part of the encryption process, or you
can sign a document while leaving the body of the document
unencrypted. You can even produce a signature file that is
independent of the document.

To sign a text file without encrypting it, choose Sign from the
PGP menu.

To sign a text file and encrypt it, choose Encrypt/Sign from the
PGP menu.

PGP asks for your pass phrase and then adds a PGP signature,
similar to the one in the following example, to the end of the text
file, as follows:

Decrypting files and verifying signatures

To read an encrypted file using a PGP-friendly application or
e-mail program such as Eudora, or to just check a message's signature,
choose Decrypt/Verify from the PGP menu. You are asked for your pass
phrase if the file is encrypted.

PGP has a handy option that decrypts to PGP's display window. This
option enables you to view a message without writing an unencrypted
version to disk.

A bug was found in older versions of PGP that affects plaintext
signatures. The following line is meant to be followed by a
blank line:

-----BEGIN PGP SIGNED MESSAGE-----

A signed document can be tampered with by adding text in front of
that blank line.

Always examine the output of PGP when verifying a document signed
with versions before 2.6.2. The input may be tampered with, but the
output cannot be.
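
One way to check a signed message for the problem described above before trusting what is displayed, as an added example (not part of the original page or of PGP). The sample messages are constructed, and the allowance for `Hash:` lines reflects the later OpenPGP clearsign format; pass `allow_hash_headers=False` for messages from the older versions the page discusses.

```python
BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"


def unsigned_header_lines(message: str, allow_hash_headers: bool = True):
    """Return the lines sitting between the signed-message header and the
    blank line that must follow it. Anything found there is shown to the
    reader but is not covered by the signature."""
    lines = message.splitlines()
    for start, line in enumerate(lines):
        if line.rstrip() == BEGIN_SIGNED:
            break
    else:
        raise ValueError("no signed-message header found")

    suspicious = []
    for line in lines[start + 1:]:
        if line == "":
            return suspicious  # the required blank line: header area ends
        if allow_hash_headers and line.startswith("Hash: "):
            continue           # permitted header in the later format
        # Includes whitespace-only lines, which look blank but are not
        # empty; flagging them is a conservative choice of this example.
        suspicious.append(line)
    raise ValueError("header is never closed by a blank line")


# Constructed samples; the signature blocks are placeholders, not real.
CLEAN = """-----BEGIN PGP SIGNED MESSAGE-----

Meet at noon on Tuesday.
-----BEGIN PGP SIGNATURE-----

(constructed placeholder)
-----END PGP SIGNATURE-----
"""

TAMPERED = """-----BEGIN PGP SIGNED MESSAGE-----
This line was added after signing.

Meet at noon on Tuesday.
-----BEGIN PGP SIGNATURE-----

(constructed placeholder)
-----END PGP SIGNATURE-----
"""

WITH_HASH = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Meet at noon on Tuesday.
-----BEGIN PGP SIGNATURE-----

(constructed placeholder)
-----END PGP SIGNATURE-----
"""

if __name__ == "__main__":
    for name, msg in [("clean", CLEAN), ("tampered", TAMPERED)]:
        print(name, "->", unsigned_header_lines(msg))
```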

Can the Spooks Crack PGP?

This question, regarding the ability of government codebreaking
agencies like NSA to undo PGP encryption, is a perennial one on
Internet newsgroups such as sci.crypt and
alt.security.pgp. The NSA, of course, is the
United States National Security Agency. NSA is the largest
code-breaking outfit in the world, getting a big piece of the United
States' $29 billion annual budget for intelligence. The days when the
NSA's mere existence was a secret, however, are long gone. The agency
has a museum and a nice World Wide Web home page at the following
address:

The NSA certainly can crack PGP if you use a key length of 512
bits or less. But what if you use the 1,024-bit key size we
recommend? The truth is that no one outside the NSA can say for sure.
No techniques that have been published are even remotely close to
breaking keys that big. And the 128-bit session keys seem equally
impregnable. Our gut feeling -- for what it is worth -- is that the
NSA cannot crack the codes used in PGP.

If the NSA or some other large organization really wants to obtain
data encrypted with PGP, can they do so? More often than not, we
think, they can. Isn't that a contradiction? Well, read the section
"Other ways that they can get your data," in the section "Commonsense
and Cryptography." The documentation that comes with PGP also has a
section on "Vulnerabilities" that is well worth reading. The NSA
knows all the tricks described in those documents and probably a few
we haven't thought of. To achieve the level of security PGP is
capable of takes discipline. Remember, however, that PGP promises
only "pretty good privacy." Without more attention to security than
an average person is likely to stand for, that is all PGP can
provide. It's a tough world.

HushMail!

A new alternative to PGP is a web site
called HushMail, http://www.hushmail.com.
HushMail is similar to other advertising supported
free e-mail sites, like HotMail or Yahoo, but with one very big
difference: HushMail offers strong encryption.

HushMail uses public key encryption, but
keeps your secret key on its server in encrypted form. This means you
can use HushMail from anywhere. HushMail utilizes the latest Java
technology, so you need a fairly recent browser to access their site.
HushMail's requirements are as follows:

Netscape Communicator 4.04 or
better.

Microsoft Internet Explorer 4 or
better

Windows95, Windows98, WindowsNT, or Red
Hat Linux 5.2 or 6

HushMail is not currently compatible with
the Macintosh operating system, though they hope to have it working
on Macs very soon.

HushMail is new and could have some unnoticed
flaws, but the designers seem committed to doing things the right way
and they have published the source code for the Java applet that
performs encryption on your computer.

The biggest potential weakness in HushMail
is that its security depends entirely on the passphrase you select.
We strongly recommend that you use a Diceware passphrase of at least five words with HushMail.
Six or seven words would be better.

HushMail turns your passphrase into an
encryption key with no "salt." That means a snoop can attack many
keys at once. You can correct this problem by choosing a longer
passphrase, even if part of it is not secret. For example you might
select a five-word Diceware secret passphrase and then add your
HushMail user name at the end.
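
Why the missing salt matters and what appending the user name changes, as an added example (not HushMail's code). SHA-256 is an assumed stand-in for the passphrase-to-key step, which the page does not specify, and the users and guess list are constructed.

```python
import hashlib


def typed_phrase(secret_words: str, username: str, append_username: bool) -> str:
    """What the user actually types: the secret words, optionally followed
    by their user name (the workaround suggested above)."""
    return f"{secret_words} {username}" if append_username else secret_words


def derive_key(typed: str) -> bytes:
    # Assumption: one unsalted hash stands in for the real derivation.
    return hashlib.sha256(typed.encode("utf-8")).digest()


def enroll(users: dict, append_username: bool) -> dict:
    """Map each user name to the key derived from what that user types."""
    return {name: derive_key(typed_phrase(words, name, append_username))
            for name, words in users.items()}


def check_guess_list(keys: dict, guesses: list, append_username: bool):
    """Check every account against a list of guessed phrases.

    Returns (number of distinct hashes that had to be computed,
             sorted user names whose key was matched).
    Identical inputs are hashed once, as anyone doing this would.
    """
    computed = {}
    matched = set()
    for name, key in keys.items():
        for guess in guesses:
            typed = typed_phrase(guess, name, append_username)
            if typed not in computed:
                computed[typed] = derive_key(typed)
            if computed[typed] == key:
                matched.add(name)
    return len(computed), sorted(matched)


# Constructed sample data.
USERS = {
    "alice": "early think vy haul book",
    "bob": "early think vy haul book",      # same words as alice
    "carol": "cleft cam synod lacy yr",
}
GUESSES = [
    "correct horse battery staple",
    "early think vy haul book",
    "open sesame",
    "let me in",
]

if __name__ == "__main__":
    for append in (False, True):
        keys = enroll(USERS, append)
        hashes, matched = check_guess_list(keys, GUESSES, append)
        print(f"user name appended={append}: same key for alice and bob="
              f"{keys['alice'] == keys['bob']}, hashes computed={hashes}, "
              f"matched={matched}")
```

Without the user name, four hashes cover every account and two users end up with the identical key; with it, the same check costs twelve hashes, one set per account. The guessed phrase is still found in both cases, so the suffix removes the shared work but does not rescue a weak passphrase.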

Remember that the secrecy of the message
you send depends upon the security measures that your recipient uses,
so make sure he is using a strong Diceware passphrase as well.

To learn more

For more information about PGP and computer cryptography in general, get
Internet Secrets, 2nd edition, to be published in Spring of 2000,
which has a whole section on the topic.